Exam CS0-002
Question 26

A company's blocklist has outgrown the current technologies in place. The ACLs are at maximum, and the IPS signatures only allow a certain amount of space for domains to be added, creating the need for multiple signatures. Which of the following configuration changes to the existing controls would be the MOST appropriate to improve performance?

    Correct Answer: D

    The most appropriate configuration change to improve performance would be to review the current blocklist to determine which domains can be removed from the list and then update the ACLs and IPS signatures. This approach directly addresses the problem of the ACLs being at their maximum and the IPS signatures having limited space for domains. By removing outdated or less relevant domains, the blocklist will be streamlined, which optimizes the usage of ACLs and IPS signatures, thus enhancing overall system performance.

Discussion
cysa_1127 Option: C

Correct option is C. Statement: Review the current blocklist and prioritize it based on the level of threat severity. Add the domains with the highest severity of the blocklist and remove the lower-severity threats from it. Explanation: Adding domains with the highest severity of the blocklist will help in better configuration management and reduce risks of security breaches and outages, and can also sometimes be very cost effective.

JENNER_ROCKA

I agree! It says too, "to improve performance"

HereToStudy Option: D

I think it’s D; removing threats doesn't sound good on C.

Sebatian20 Option: D

"remove the lower-severity threats from it" Who would still allow a website with threats to access their network - regardless of threat level?

Dree_Dogg Option: D

Gotta go with D. C ended with "remove the lower-severity threats." This doesn't sit right with me.

kiduuu Option: D

Review the current blocklist to determine which domains can be removed from the list and then update the ACLs and IPS signatures is the MOST appropriate configuration change to improve performance. As the ACLs and IPS signatures have reached their maximum limits, it is essential to review the current blocklist to identify domains that are no longer relevant or pose a lower level of threat. This will help to reduce the size of the blocklist and create space for additional domains that may pose a higher level of risk. Once the review is complete, the ACLs and IPS signatures can be updated with the new list, improving the overall performance of the controls.

AaronS1990 Option: D

Surely D is the MOST appropriate? I understand why people say C, but C doesn't address the ACL or IPS issues and the question talks about improving performance. Surely D will improve it the most given it addresses the 3 issues the network has....

Big_Dre Option: D

I think D allows no risk appetite while C allows known malicious domains although they are low.

iamfoozy Option: C

chatgpt

POWNED Option: D

There is a major difference in why the answer is D. C talks nothing about ACLs and IPS. This means that D is your best answer. Basically doing exactly what C is, but updating the ACLs and IPS as well.

zecomeia_007 Option: D

D. Review the current blocklist to determine which domains can be removed from the list and then update the ACLs and IPS signatures.

RobV Option: D

Option C involves reviewing the current blocklist and prioritizing it based on the level of threat severity, adding the domains with the highest severity and removing the lower-severity threats. While this approach might help in prioritizing the blocklist, it doesn't necessarily address the issue of an overgrown blocklist and the limitations of the existing technologies. The challenge described in the scenario is that the ACLs are at maximum, and the IPS signatures have limited space for domains. Prioritizing based on threat severity might help in focusing on the most critical threats, but it doesn't directly address the issue of the blocklist exceeding the capacity of the existing controls. Option D, on the other hand, directly addresses the overgrown blocklist by reviewing and removing domains that are no longer necessary or pose lower risks. This action helps optimize the use of ACLs and IPS signatures, leading to improved performance without compromising security.

sansoculus Option: D

By reviewing the blocklist and removing domains that are no longer active or no longer pose a threat, the blocklist can be reduced and the ACLs updated accordingly.

TacosInMyBelly Option: D

Given the context of improving performance and the limitation on ACLs and IPS signatures, option D seems to be the most appropriate. It focuses on optimizing the blocklist by removing unnecessary domains, which can alleviate the constraints on ACLs and IPS signatures.

Aliyan Option: D

I believe the answer is D. It's better to remove inactive domains rather than low threat vulnerabilities. Explanation: It allows you to reduce the amount of domains in the blocklist and reduce the size of the ACLs. By reviewing the blocklist and removing domains that are no longer active or no longer pose a threat, the blocklist can be reduced and the ACLs updated accordingly. This will reduce the amount of traffic and processing power required to manage the blocklist, and can help improve overall performance.

Pavel019846457 Option: C

answer is c

jstad Option: C

ANSWER: C. This option would improve performance by ensuring that the most critical threats are being blocked, while also reducing the number of domains on the blocklist and therefore reducing the load on the existing controls. This would make the most efficient use of the limited space available in the ACLs and IPS signatures.

david124 Option: C

C correct answer